AIEngine: Artificial Inteligent Engine

AIEngine is a next generation interactive/programmable Python/Ruby/Java packet inspection engine with capabilities of learning without any human intervention, NIDS(Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others.

AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

The main functionalities of AIEngine are:

  • Support for interacting/programing with the user while the engine is running.
  • Support for PCRE JIT for regex matching.
  • Support for regex graphs (complex detection patterns).
  • Support five types of NetworkStacks (lan,mobile,lan6,virtual and oflow).
  • Support Sets and Bloom filters for IP searches.
  • Support Linux, FreeBSD and MacOS operating systems.
  • Support for HTTP,DNS and SSL Domains matching.
  • Support for banned domains and hosts for HTTP, DNS, SMTP and SSL.
  • Frequency analysis for unknown traffic and auto-regex generation.
  • Generation of Yara signatures.
  • Easy integration with databases (MySQL, Redis, Cassandra, Hadoop, etc…) for data correlation.
  • Easy integration with other packet engines (Netfilter).
  • Support memory clean caches for refresh stored memory information.
  • Support for detect DDoS at network/application layer.
  • Support for rejecting TCP/UDP connections.
  • Support for network forensics on real time.


Using AIEngine

To use AIEngine(reduce version) just execute the binary aiengine or use the python/ruby/java binding.
[email protected]:~/c++/aiengine/src$ ./aiengine -h
aiengine 1.4
Mandatory arguments:
  -I [ --input ] arg                Sets the network interface ,pcap file or 
                                    directory with pcap files.

Link Layer optional arguments:
  -q [ --tag ] arg      Selects the tag type of the ethernet layer (vlan,mpls).

TCP optional arguments:
  -t [ --tcp-flows ] arg (=32768) Sets the number of TCP flows on the pool.

UDP optional arguments:
  -u [ --udp-flows ] arg (=16384) Sets the number of UDP flows on the pool.

Regex optional arguments:
  -R [ --enable-signatures ]     Enables the Signature engine.
  -r [ --regex ] arg (=.*)       Sets the regex for evaluate agains the flows.
  -c [ --flow-class ] arg (=all) Uses tcp, udp or all for matches the signature
                 on the flows.
  -m [ --matched-flows ]         Shows the flows that matchs with the regex.
  -j [ --reject-flows ]          Rejects the flows that matchs with the 
                                     regex.
  -w [ --evidence ]              Generates a pcap file with the matching 
                                     regex for forensic analysis.

Frequencies optional arguments:
  -F [ --enable-frequencies ]       Enables the Frequency engine.
  -g [ --group-by ] arg (=dst-port) Groups frequencies by src-ip,dst-ip,src-por
                    t and dst-port.
  -f [ --flow-type ] arg (=tcp)     Uses tcp or udp flows.
  -L [ --enable-learner ]           Enables the Learner engine.
  -k [ --key-learner ] arg (=80)    Sets the key for the Learner engine.
  -b [ --buffer-size ] arg (=64)    Sets the size of the internal buffer for 
                                    generate the regex.
  -y [ --enable-yara ]              Generates a yara signature.

Optional arguments:
  -n [ --stack ] arg (=lan)    Sets the network stack (lan,mobile,lan6,virtual,
                   oflow).
  -d [ --dumpflows ]           Dump the flows to stdout.
  -s [ --statistics ] arg (=0) Show statistics of the network stack (5 levels).
  -T [ --timeout ] arg (=180)  Sets the flows timeout.
  -P [ --protocol ] arg        Show statistics of a specific protocol of the 
                                   network stack.
  -e [ --release ]             Release the caches.
  -l [ --release-cache ] arg   Release a specific cache.
  -p [ --pstatistics ]         Show statistics of the process.
  -h [ --help ]                Show help.
  -v [ --version ]             Show version string.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.